Debian has issued an update for linux-2.6. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, and potentially gain escalated privileges, and by malicious people to cause a DoS (Denial of Service).

For more information:
SA35265
SA38601
SA39490

1) An error within the SCTP subsystem can be exploited to cause a crash by sending a specially crafted init package.

2) An error exists within the implementation of the TIPC protocol, which can be exploited by malicious, local users to cause a NULL pointer dereference by sending datagrams through AF_TIPC before entering the network mode.

3) An error exists within the kgdb implementation for the PowerPC architecture, which can be exploited by malicious, local users to write to kernel memory.

NOTE: This does not affect the binary kernels packages.

4) An error exists within the implementation of the GFS2 file system, which can be exploited by malicious, local users to trigger a "BUG()".

5) The "nfs_release_request()" function in fs/nfs/pagelist.c can be interrupted, which can be exploited to e.g. cause a NULL pointer dereference by killing an application while it performs certain actions on an NFS file.

Solution
Apply updated packages.
Further details available in Customer Area

Provided and/or discovered by
Debian credits:
1) Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from Codenomicon Ltd.
2) Neil Hormon
3) Wufei
4) Sachin Prabhu
5) Trond Myklebust

Changelog
Further details available in Customer Area

Original Advisory
DSA-2053-1:
http://www.us.debian.org/security/2010/dsa-2053

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area